evaluate: validate set expression type before accessing flags
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 8 Jul 2025 22:21:49 +0000 (00:21 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 13 Aug 2025 18:50:30 +0000 (20:50 +0200)
commit 2022e8bb5cf0e0fa81ab0a5087bd1ab6e20280ee upstream.

Validate set->init is of EXPR_SET expression type before accessing
set_flags.

Fixes: 81e36530fcac ("src: replace interval segment tree overlap and automerge")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/evaluate.c

index 2316e1e0f05cd64b2e83ce98268a012472b56117..0d0634d6fc741313aa005acd15ec8e60d4e58423 100644 (file)
@@ -5024,7 +5024,8 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set)
                set->flags |= NFT_SET_EXPR;
 
        if (set_is_anonymous(set->flags)) {
-               if (set_is_interval(set->init->set_flags) &&
+               if (set->init->etype == EXPR_SET &&
+                   set_is_interval(set->init->set_flags) &&
                    !(set->init->set_flags & NFT_SET_CONCAT) &&
                    interval_set_eval(ctx, set, set->init) < 0)
                        return -1;
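Review bot: When an anonymous set's `set->init` is not an `EXPR_SET`, the new condition silently skips `interval_set_eval()` and evaluation continues. Nothing in the hunk rejects or reports the unexpected expression type. `set_evaluate()` continues past the end of this hunk, so any later read of `set->init->set_flags` or other set-specific fields there would need the same `etype` guard; that cannot be confirmed from the visible lines. `set->init` is also dereferenced without a NULL check here, which is presumably guaranteed for anonymous sets but is worth confirming. At minimum, a comment above the condition would record why the type check comes first, for example `/* set_flags is only valid for EXPR_SET; malformed input can leave another expression type in set->init */`.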